Re: Help with PIX 525

lcortex · ‎12-02-2002

Greetings everyone.... Here is my physical topology.

Internet-------2611 Router -------- PIX 525 ------- 3640 Router --------- Switch to LAN

I have the routers set up and they function perfect without the PIX. When I connect them to the PIX I cannot ping the directly connected interfaces or the outside world. I am new to setting up the PIX and I believe I need a conduit to allow access from the Inside to reach the internet. If this is the case, can anyone suggest the console commands.

Thanks,

Ross

gfullage · ‎12-02-2002

The PIX will need a default route statement to start off with pointing it to the 2611:

route (outside) 0.0.0.0 0.0.0.0

Then to go from inside to outside, you need a nat/global pair. The simplest way to get you going is this:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

This NAT's all outbound traffic to the IP address of the outside interface of the PIX. You can change these values if you like, I would suggest making the nat statement just cover your internal network(s) and nothing else.

Command reference is here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/cmdref/index.htm

Step-by-step guide is here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Keep in mind you can't ping the outside interface of the PIX from the inside network and vice versa. You should be able to ping the inside inteface from the inside network though, so if you can't you've got some connectivity/routing problems.

lcortex · ‎12-03-2002

I will give that a shot guys- also one other question. The ip addresses for the pix are on the same network 65.160.29.x, netmask 255.255.255.248 but for some reason i can't give the ip address to the inside interface. It keeps saying cannot remove route. Any ideas?

Thanks,

Ross

rehan · ‎12-04-2002

your question is not cleared

Regards

Asim

dawsonpa · ‎12-06-2002

You cant have 2 interfaces on the pix which reside on the same network subnet.